Download EXE Radar Pro and install it. Download Ikarus T3 (T3 VDB + T3 Commandline Scanner): http://updates.ikarus.at/updates/update.html Extract ikarust3scan.exe in: C:\AVs\Ikarus\ Place there also t3sigs.vdb. Now open EXE Radar Pro and click the [TAB] Behavioral. Open the [TAB] Custom Scanners. Put a check in Enable Custom Sca...
Continue reading...

While searching images on Google Images, we noted a suspicious redirect: hxxp://epnfmackey. info/index.php?tp=81350e0ebb536599hxxp://epnfmackey. info/index.php?tp=81350e0ebb536599 It looks like the Blackhole Exploit Kit URL format! Malicious code can be found by analyzing the page source: The main redirect was created by this ma...
Continue reading...

Infected website: hxxp://somerandomiframedomain. comhxxp://somerandomiframedomain. com Activity: Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 92.38.232.92 - 80 Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - GET - somerandomiframedomain.com - /forum.php?tp=9c7447caf251fe78 File Cre...
Continue reading...

We are working on a free online automated malware analyzer, here there are few example reports generated by the sandbox using malware samples captured in the wild. We capture every URL that is requested by the malware and every new file that is dropped in the disk, we use Driver Radar Pro to block loading […]
Continue reading...

A new fresh and sophisticated web-based bot named SpyEye is around in the markets and looks like to be the possible successor of the famous Zeus Trojan due to its very interesting features, with the main objective to steal bank accounts, credit cards, ftp accounts and other sensitive data from the victim’s computer. SpyEye...
Continue reading...

This second part of our part 1 analysis, will show you what the files we collected did once live. From the main loader we can extract the following useful strings: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 msxslt3.exe MsXSLT SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ntdll.dll wininet.dll Content-Type: application/x-www-form-ur...
Continue reading...

Today we will analyze a sample of a rogue security software that is packed by an unknown packer named Mystic Compressor, and that has been identified to be used mostly to pack rogue security software executables. Steve has successfully unpacked the sample and this is his analysis: Call to VirtualProtect to make the data in [&hel...
Continue reading...

Users have reported to us another case of a massive blackhat SEO strategy used to redirect traffic to infected websites with the objective to infect users with the popular and very dangerous TDSS Trojan. Blackhat SEO strategy targeted most popular video streaming websites such as youtube, metacafe, etc. and the malicious files t...
Continue reading...

Worm.IM.Sohanad is a worm that spreads itself via Yahoo Messenger and can infect all the contacts present in your Yahoo Messenger Contacts List, by sending them a text message that can contain a malicious HTTP link pushing the users to download the worm. Its also possible for the worm to send a HTTP link that […]
Continue reading...

A user submitted a suspicious link that was present in his website as a hidden iframe. Malicious hidden iframes are mainly inserted into HTML pages of legitimate websites, by hackers that want to spread their malware with the objective of infecting all the users that visit the compromised website and in most of the cases, [&hell...
Continue reading...